This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
• Advanced technical and Engineering degrees including PhD• CISSP – Certified Information System Security Professional• Business process analysis and re-engineering • Over 25 years of experience deploying an designing
Supervisory Control (SCADA) Systems Distributed Control (DCS) Systems PLC-based Automation Systems Substation Integration/Automation Systems
• Plant automation experience in a wide range of industries • Extensive Customer Training/Educational Experience• Knowledge of the current Cyber Security technologies• Familiarity with Government/Industry efforts in the area of
automation system/plant security (NERC, ISA, DHS, etc…)
• Technology Training ClassesTechnology Training Classes- Introduction to DCS and PLC Technology- Introduction to DCS and PLC Technology- Introduction to SCADA TechnologyIntroduction to SCADA Technology- Basic Process Measurement & ControlBasic Process Measurement & Control- Communications & NetworkingCommunications & Networking
• Security Training ClassesSecurity Training Classes - Introduction to Security Concepts- Introduction to Security Concepts- NERC CIP-002 to 009 - NERC CIP-002 to 009 - Understanding ISA SP99 Recommendations- Understanding ISA SP99 Recommendations
• Management Briefing on CIP-001/009Management Briefing on CIP-001/009• Identification of Critical Cyber AssetsIdentification of Critical Cyber Assets• Physical and Electronic Perimeter DefinitionsPhysical and Electronic Perimeter Definitions• Vulnerability AssessmentsVulnerability Assessments• Risk and Gap AnalysisRisk and Gap Analysis• Development of Implementation PlansDevelopment of Implementation Plans• Employee TrainingEmployee Training• Policy and Procedure DevelopmentPolicy and Procedure Development• Disaster Recovery PlanningDisaster Recovery Planning• Program Auditing and Incident ReportingProgram Auditing and Incident Reporting
• You must maintain audit logs for a wide range of items, actions & changesYou must maintain audit logs for a wide range of items, actions & changes
• You must review your policies/procedures on a regular (annual) basisYou must review your policies/procedures on a regular (annual) basis
• You must test your procedures, especially disaster recovery, regularlyYou must test your procedures, especially disaster recovery, regularly
• You must maintain training and awareness programsYou must maintain training and awareness programs
• You must regularly re-certify/test your physical & electronic perimetersYou must regularly re-certify/test your physical & electronic perimeters
• You MUST INSURE that policies and procedures are being followed !!!You MUST INSURE that policies and procedures are being followed !!! (If not, then find out why and change them if you need to do so…)(If not, then find out why and change them if you need to do so…)
Security Program ManagementSecurity Program ManagementM
atu
rity
Time
1. Develop a Business Case
2. Obtain Leadership Commitment, Support,
and Funding
3. Define the Charter and Scope of IACS Security for Your
Organization
4. Form a Team of Stakeholders
6. Characterize the Key IACS
Risks
7. Prioritize and Calibrate Risks
8. Establish High-Level Policies that Support the Risk Tolerance
Level
10. Inventory IACS Devices and Networks
9. Organize for Security
11. Screening and Prioritization of IACS
13. Develop Detailed IACS Cyber Security
Policies and Procedures
14. Define the Common Set of IACS
Security Risk Mitigation Controls
15. Develop Additional Elements of the CSMS
Plan
16. Quick Fix
18. Establish, Refine and Implement the
CSMS
12. Conduct a Detailed Security Assessment
17. Charter, Design, and Execute Cyber
Security Risk Mitigation Projects
19. Adopt Continuous Improvement
Operational Measures
5. Raise Staff Cyber Security Capability through Training
Plan Phase
Do Phase
Check Phase
Act Phase
Activity MUST be completed before proceeding to next activity
Activity DOES NOT need to be completed before proceeding to next activity
Legend
Cyber SEC suggests following the recommended 19-step program delineated in the ISA’s TR-99.002 Technical report as the basis for moving forward with the initial creation of,
and long-term support for, an industrial automation security program. This program approach addresses physical,
operational [personnel] and cyber [electronic] security and provides the basis for an on-going cycle of review and
Cyber SEC uses a modified version of the DuPont DNSAM vulnerability assessment methodology. The major difference being the consideration of a range of technical, physical and administrative countermeasures when addressing probable threats.
Assessment takes the entire range of interconnected LAN and WAN ‘segments’ and identifies critical systems and assets located on each and then identifies the available connectivity onto, and accessibility of, each segment.
The critical systems could be controllers, HMIs, supervisory computers, historians, servers, ESD systems, batch managers, etc. Assets can be information, files, software, database, etc.
Segments are formed by the presence of an ‘isolation’ appliance (a firewall) that controls
Cyber SEC uses a qualitative risk assessment methodology that assigns every threat a probability and consequence rating. A three or four level scale is used for each of the two categories. Consequences are ranked based on a range of impacts including health, safety, environmental, business, facilities and regulatory impacts.
The end result of the assessment will be a Pareto chart of vulnerabilities ranked on an A through D classification, where the priority order of the countermeasure implementation will be in that same order. Countermeasures will be recommended based on their comparative cost-performance ratio
A consequence table will be developed that reflects your business risk-tolerance and
safety requirements level and used to rank threats
Chapter Outline: 1. The Technological Evolution of SCADA Systems2. Remote Terminal Units3. Telecommunications Technologies4. Supervisory Control Applications5. Operator Interface6. Conventional Information Technology (IT) Security7. Identifying Cyber security Vulnerabilities8. Classifying Cyber Attacks and Cyber Threats9. Physical Security10. Operational Security11. Electronic/Systems Security12. Electric Utility Industry - Specific Cyber security Issues13. Water/Wastewater Industry - Specific Cyber Security Issues14. Pipeline Industry - Specific Cyber Security Issues15. The Emerging Cyber Threat to SCADA Systems16. Commercial Hardware and Software Vulnerabilities17. Traditional Security Features of SCADA Systems18. Eliminating the Vulnerabilities of SCADA Systems